egommerce/stack
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update

Browse Source
This commit is contained in:
Piotr Biernat 2025-03-16 14:19:29 +01:00
parent 6848b55101
commit fa62c0b817
9 changed files with 60 additions and 211 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile
View File

@ -1,6 +1,5 @@
DEPLOY_DIR := ./deploy DEPLOY_DIR := ./deploy
# SETTING ENV
up: up:
- sh ${DEPLOY_DIR}/scripts/start-docker.sh - sh ${DEPLOY_DIR}/scripts/start-docker.sh
@ -8,7 +7,7 @@ down:
- docker stack rm egommerce - docker stack rm egommerce
k8s-up: k8s-up:
- sh ${DEPLOY_DIR}/start-k8s.sh - sh ${DEPLOY_DIR}/scripts/start-k8s.sh
k8s-down: k8s-down:
- kubectl delete -f deploy/k8s/stack.yml - kubectl delete -f deploy/k8s/stack.yml

4
deploy/.env.dist
View File

@ -1,6 +1,6 @@
API_GATEWAY_ADDR=gw.service.ego.io API_GATEWAY_ADDR=gw.service.ego.io
API_GATEWAY_PORT=443 API_GATEWAY_PORT=443
# API_REGISTRY_ADDR=registry.service.ego.io # REGISTRY_ADDR=registry.service.ego.io
API_REGISTRY_ADDR=api-registry REGISTRY_ADDR=api-registry
API_REGISTRY_PORT=8501 API_REGISTRY_PORT=8501

4
deploy/.env.local
View File

@ -1,6 +1,6 @@
API_GATEWAY_ADDR=gw.service.ego.io API_GATEWAY_ADDR=gw.service.ego.io
API_GATEWAY_PORT=443 API_GATEWAY_PORT=443
# API_REGISTRY_ADDR=registry.service.ego.io # REGISTRY_ADDR=registry.service.ego.io
#API_REGISTRY_ADDR=api-registry #REGISTRY_ADDR=api-registry
API_REGISTRY_PORT=8501 API_REGISTRY_PORT=8501

6
deploy/.env.prod Normal file
View File

@ -0,0 +1,6 @@
API_GATEWAY_ADDR=gw.service.ego.io
API_GATEWAY_PORT=443
# REGISTRY_ADDR=registry.service.ego.io
#REGISTRY_ADDR=api-registry
API_REGISTRY_PORT=8501

2
deploy/bin/register-service.go
View File

@ -9,7 +9,7 @@ import (
) )
func main() { func main() {
addr, port := env("API_REGISTRY_ADDR", "api-registry"), env("API_REGISTRY_PORT", "8501") addr, port := env("REGISTRY_ADDR", "api-registry"), env("API_REGISTRY_PORT", "8501")
regUrl := "https://" + addr + ":" + port + "/v1/agent/service/register?replace-existing-checks=true" regUrl := "https://" + addr + ":" + port + "/v1/agent/service/register?replace-existing-checks=true"
regData, err := os.ReadFile("/.app.config") regData, err := os.ReadFile("/.app.config")
if err != nil { if err != nil {

6
deploy/docker/stack.dev.local.yml
View File

@ -5,7 +5,7 @@ services:
env_file: ../.env.local env_file: ../.env.local
environment: environment:
- CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd - CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd
- VAULT_TOKEN=hvs.dZL3N8PAozQ7EbOYFFDeipui # ROOT TOKEN - VAULT_TOKEN=hvs.s6d6dyijMAyJ6b0WQYdjadZG # ROOT TOKEN
# - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE # - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE
volumes: volumes:
- ../certs/api-registry/api-registry.crt:/etc/certs/registry.local.crt:ro - ../certs/api-registry/api-registry.crt:/etc/certs/registry.local.crt:ro
@ -15,7 +15,7 @@ services:
env_file: ../.env.local env_file: ../.env.local
environment: environment:
- CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd - CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd
- VAULT_TOKEN=hvs.dZL3N8PAozQ7EbOYFFDeipui # ROOT TOKEN - VAULT_TOKEN=hvs.s6d6dyijMAyJ6b0WQYdjadZG # ROOT TOKEN
# - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE # - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE
volumes: volumes:
- ../certs/api-gateway/api-gateway.crt:/etc/certs/gateway.local.crt:ro - ../certs/api-gateway/api-gateway.crt:/etc/certs/gateway.local.crt:ro
@ -26,7 +26,7 @@ services:
# command: ["vault", "server", "-dev", "-dev-tls", "-dev-listen-address=0.0.0.0:8200", "-dev-root-token-id=dev-vault-token"] # command: ["vault", "server", "-dev", "-dev-tls", "-dev-listen-address=0.0.0.0:8200", "-dev-root-token-id=dev-vault-token"]
environment: environment:
- CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd - CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd
- VAULT_TOKEN=hvs.dZL3N8PAozQ7EbOYFFDeipui # ROOT TOKEN - VAULT_TOKEN=hvs.s6d6dyijMAyJ6b0WQYdjadZG # ROOT TOKEN
# - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE # - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE
volumes: volumes:
- ../certs/api-vault/api-vault.crt:/etc/certs/vault.crt:ro - ../certs/api-vault/api-vault.crt:/etc/certs/vault.crt:ro

26
deploy/docker/stack.yml
View File

@ -83,7 +83,7 @@ services:
environment: environment:
- APP_DOMAIN - APP_DOMAIN
- APP_NAME=api-vault - APP_NAME=api-vault
- API_REGISTRY_ADDR=api-registry - REGISTRY_ADDR=api-registry
- VAULT_ADDR=https://localhost:8200 - VAULT_ADDR=https://localhost:8200
- VAULT_API_ADDR=https://localhost:8200 - VAULT_API_ADDR=https://localhost:8200
volumes: volumes:
@ -109,7 +109,7 @@ services:
- RABBITMQ_ERLANG_COOKIE=rabbitmq - RABBITMQ_ERLANG_COOKIE=rabbitmq
- APP_DOMAIN - APP_DOMAIN
- APP_NAME=api-eventbus - APP_NAME=api-eventbus
- API_REGISTRY_ADDR=api-registry - REGISTRY_ADDR=api-registry
volumes: volumes:
- eventbus_data:/var/lib/rabbitmq - eventbus_data:/var/lib/rabbitmq
- eventbus_logs:/var/log/rabbitmq - eventbus_logs:/var/log/rabbitmq
@ -133,7 +133,7 @@ services:
environment: environment:
- APP_DOMAIN - APP_DOMAIN
- APP_NAME=api-cache - APP_NAME=api-cache
- API_REGISTRY_ADDR=api-registry - REGISTRY_ADDR=api-registry
volumes: volumes:
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/register-service:/bin/register-service - ../bin/register-service:/bin/register-service
@ -153,7 +153,7 @@ services:
environment: environment:
- APP_DOMAIN - APP_DOMAIN
- APP_NAME=api-logger - APP_NAME=api-logger
- API_REGISTRY_ADDR=api-registry - REGISTRY_ADDR=api-registry
volumes: volumes:
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/register-service:/bin/register-service - ../bin/register-service:/bin/register-service
@ -174,7 +174,7 @@ services:
# environment: # environment:
# - APP_DOMAIN # - APP_DOMAIN
# - APP_NAME=api-prometheus # - APP_NAME=api-prometheus
# - API_REGISTRY_ADDR=api-registry # - REGISTRY_ADDR=api-registry
# volumes: # volumes:
# - ../etc/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml # - ../etc/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
# - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro # - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
@ -191,7 +191,7 @@ services:
# environment: # environment:
# - APP_DOMAIN # - APP_DOMAIN
# - APP_NAME=api-grafana # - APP_NAME=api-grafana
# - API_REGISTRY_ADDR=api-registry # - REGISTRY_ADDR=api-registry
# volumes: # volumes:
# - grafana-db:/var/lib/grafana # - grafana-db:/var/lib/grafana
# - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro # - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
@ -207,7 +207,7 @@ services:
environment: environment:
- APP_DOMAIN - APP_DOMAIN
- APP_NAME=db-postgres - APP_NAME=db-postgres
- API_REGISTRY_ADDR=api-registry - REGISTRY_ADDR=api-registry
- POSTGRESQL_USERNAME=postgres - POSTGRESQL_USERNAME=postgres
- POSTGRESQL_DATABASE=postgres - POSTGRESQL_DATABASE=postgres
- POSTGRESQL_PASSWORD=H5Gd7^37*Hka*a72 - POSTGRESQL_PASSWORD=H5Gd7^37*Hka*a72
@ -232,7 +232,7 @@ services:
# environment: # environment:
# - APP_DOMAIN # - APP_DOMAIN
# - APP_NAME=mongo-db # - APP_NAME=mongo-db
# - API_REGISTRY_ADDR=api-registry # - REGISTRY_ADDR=api-registry
# - MONGO_INITDB_ROOT_USERNAME=mongodb # - MONGO_INITDB_ROOT_USERNAME=mongodb
# - MONGO_INITDB_ROOT_PASSWORD # - MONGO_INITDB_ROOT_PASSWORD
# volumes: # volumes:
@ -256,7 +256,7 @@ services:
environment: environment:
- APP_NAME=identity-svc - APP_NAME=identity-svc
- APP_PATH_PREFIX=/identity - APP_PATH_PREFIX=/identity
- API_REGISTRY_ADDR=api-gateway - REGISTRY_ADDR=https://api-gateway:8501
- APP_DOMAIN - APP_DOMAIN
- APP_KV_NAMESPACE - APP_KV_NAMESPACE
- DATABASE_URL - DATABASE_URL
@ -284,7 +284,7 @@ services:
environment: environment:
- APP_NAME=catalog-svc - APP_NAME=catalog-svc
- APP_PATH_PREFIX=/catalog - APP_PATH_PREFIX=/catalog
- API_REGISTRY_ADDR=api-gateway - REGISTRY_ADDR=https://api-gateway:8501
- APP_DOMAIN - APP_DOMAIN
- APP_KV_NAMESPACE - APP_KV_NAMESPACE
- AUTH_HANDLER_URL - AUTH_HANDLER_URL
@ -313,7 +313,7 @@ services:
environment: environment:
- APP_NAME=basket-svc - APP_NAME=basket-svc
- APP_PATH_PREFIX=/basket - APP_PATH_PREFIX=/basket
- API_REGISTRY_ADDR=api-gateway - REGISTRY_ADDR=https://api-gateway:8501
- APP_DOMAIN - APP_DOMAIN
- APP_KV_NAMESPACE - APP_KV_NAMESPACE
- AUTH_HANDLER_URL - AUTH_HANDLER_URL
@ -342,7 +342,7 @@ services:
environment: environment:
- APP_NAME=order-svc - APP_NAME=order-svc
- APP_PATH_PREFIX=/order - APP_PATH_PREFIX=/order
- API_REGISTRY_ADDR=api-gateway - REGISTRY_ADDR=https://api-gateway:8501
- APP_DOMAIN - APP_DOMAIN
- APP_KV_NAMESPACE - APP_KV_NAMESPACE
- AUTH_HANDLER_URL - AUTH_HANDLER_URL
@ -371,7 +371,7 @@ services:
environment: environment:
- APP_NAME=pricing-svc - APP_NAME=pricing-svc
- APP_PATH_PREFIX=/pricing - APP_PATH_PREFIX=/pricing
- API_REGISTRY_ADDR=api-gateway - REGISTRY_ADDR=https://api-gateway:8501
- APP_DOMAIN - APP_DOMAIN
- APP_KV_NAMESPACE - APP_KV_NAMESPACE
- AUTH_HANDLER_URL - AUTH_HANDLER_URL

156
deploy/make-cert.sh
View File

@ -1,156 +0,0 @@
#!/bin/bash
cd deploy/certs
mkdir -p ca
mkdir -p api-gateway api-registry api-gateway api-eventbus api-vault
mkdir -p basket-svc catalog-svc identity-svc order-svc pricing-svc
# # Generate ROOT Key
# openssl genrsa -out ca/internalCA.key 4096
# # Generate ROOT Cert
# openssl req -x509 -new -nodes -key ca/internalCA.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io CA/CN=egommerce.io" \
# -sha256 -days 3650 -out ca/internalCA.crt
# # MANAGING SERVICES
# # Generate Key for API-REGISTRY
# openssl genrsa -out api-registry/registry.key 2048
# # Generate Cert for API-REGISTRY
openssl req -new -sha256 -key api-registry/registry.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-registry" \
-out api-registry/registry.internal.csr
openssl req -new -sha256 -key api-registry/registry.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-registry" \
-out api-registry/registry.local.csr
openssl x509 -req -in api-registry/registry.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-registry,DNS:consul.service.ego.io,DNS:consul.service.dc.ego.io,IP:127.0.0.1')) \
-out api-registry/registry.internal.crt -days 365 -sha256
openssl x509 -req -in api-registry/registry.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-registry,DNS:registry.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out api-registry/registry.local.crt -days 365 -sha256
# # Generate Key for API-GATEWAY
# openssl genrsa -out api-gateway/gateway.key 2048
# # Generate Cert for API-GATEWAY
openssl req -new -sha256 -key api-gateway/gateway.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-gateway" \
-out api-gateway/gateway.internal.csr
openssl req -new -sha256 -key api-gateway/gateway.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-gateway" \
-out api-gateway/gateway.local.csr
openssl x509 -req -in api-gateway/gateway.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-gateway,DNS:gateway.service.ego.io,DNS:gateway.service.dc.ego.io,IP:127.0.0.1')) \
-out api-gateway/gateway.internal.crt -days 365 -sha256
openssl x509 -req -in api-gateway/gateway.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-gateway,DNS:gateway.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out api-gateway/gateway.local.crt -days 365 -sha256
# Generate Key for API-VAULT
# openssl genrsa -out api-vault/vault.key 2048
# Generate Cert for API-VAULT
openssl req -new -sha256 -key api-vault/vault.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-vault" \
-out api-vault/vault.internal.csr
openssl req -new -sha256 -key api-vault/vault.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-vault" \
-out api-vault/vault.local.csr
openssl x509 -req -in api-vault/vault.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-vault,DNS:vault.service.ego.io,DNS:localhost,IP:127.0.0.1')) \
-out api-vault/vault.internal.crt -days 365 -sha256
openssl x509 -req -in api-vault/vault.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-vault,DNS:vault.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out api-vault/vault.local.crt -days 365 -sha256
# Generate Key for API-EVENTBUS
# openssl genrsa -out api-eventbus/eventbus.key 2048
# Generate Cert for API-EVENTBUS
openssl req -new -sha256 -key api-eventbus/eventbus.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-eventbus" \
-out api-eventbus/eventbus.internal.csr
openssl req -new -sha256 -key api-eventbus/eventbus.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-eventbus" \
-out api-eventbus/eventbus.local.csr
openssl x509 -req -in api-eventbus/eventbus.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-eventbus,DNS:esb.service.ego.io,DNS:localhost,IP:127.0.0.1')) \
-out api-eventbus/eventbus.internal.crt -days 365 -sha256
openssl x509 -req -in api-eventbus/eventbus.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-eventbus,DNS:eventbus.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out api-eventbus/eventbus.local.crt -days 365 -sha256
# API MICROSERVICES
# Generate Key for domain (service) - BASKET-SVC
# openssl genrsa -out basket-svc/basket-svc.key 2048
# Generate Cert for domain (service) - BASKET-SVC
openssl req -new -sha256 -key basket-svc/basket-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=basket-svc" \
-out basket-svc/basket-svc.csr
openssl x509 -req -in basket-svc/basket-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:basket-svc,DNS:basket.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out basket-svc/basket-svc.crt -days 365 -sha256
# Generate Key for domain (service) - CATALOG-SVC
# openssl genrsa -out catalog-svc/catalog-svc.key 2048
# Generate Cert for domain (service) - CATALOG-SVC
openssl req -new -sha256 -key catalog-svc/catalog-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=catalog-svc" \
-out catalog-svc/catalog-svc.csr
openssl x509 -req -in catalog-svc/catalog-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:catalog-svc,DNS:catalog.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out catalog-svc/catalog-svc.crt -days 365 -sha256
# Generate Key for domain (service) - IDENTITY-SVC
# openssl genrsa -out identity-svc/identity-svc.key 2048
# Generate Cert for domain (service) - IDENTITY-SVC
openssl req -new -sha256 -key identity-svc/identity-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=identity-svc" \
-out identity-svc/identity-svc.csr
openssl x509 -req -in identity-svc/identity-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:identity-svc,DNS:identity.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out identity-svc/identity-svc.crt -days 365 -sha256
# Generate Key for domain (service) - ORDER-SVC
# openssl genrsa -out order-svc/order-svc.key 2048
# Generate Cert for domain (service) - ORDER-SVC
openssl req -new -sha256 -key order-svc/order-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=order-svc" \
-out order-svc/order-svc.csr
openssl x509 -req -in order-svc/order-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:order-svc,DNS:order.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out order-svc/order-svc.crt -days 365 -sha256
# Generate Key for domain (service) - PRICING-SVC
# openssl genrsa -out pricing-svc/pricing-svc.key 2048
# Generate Cert for domain (service) - PRICING-SVC
openssl req -new -sha256 -key pricing-svc/pricing-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=pricing-svc" \
-out pricing-svc/pricing-svc.csr
openssl x509 -req -in pricing-svc/pricing-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
-extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:pricing-svc,DNS:pricing.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
-out pricing-svc/pricing-svc.crt -days 365 -sha256

64
deploy/scripts/gen-certs.sh
View File

@ -3,10 +3,10 @@
export DEPLOY_DIR="./deploy" export DEPLOY_DIR="./deploy"
export CERTS_DIR="${DEPLOY_DIR}/certs/" export CERTS_DIR="${DEPLOY_DIR}/certs/"
export REGISTRY_CN="registry.egommerce.local,api-registry,localhost" export REGISTRY_CN="registry.egommerce.local,api-registry,server.dc.ego.io,localhost"
export REGISTRY_SAN="DNS:registry.egommerce.local,DNS:api-registry,DNS:localhost,IP:127.0.0.1" export REGISTRY_SAN="DNS:registry.egommerce.local,DNS:api-registry,DNS:server.dc.ego.io,DNS:localhost,IP:127.0.0.1"
export GATEWAY_CN="gateway.egommerce.local,api-gatway,localhost" export GATEWAY_CN="gateway.egommerce.local,api-gatway,gateway.dc.ego.io,localhost"
export GATEWAY_SAN="DNS:gateway.egommerce.local,DNS:api-gateway,DNS:gw.egommerce.local,DNS:localhost,IP:127.0.0.1" export GATEWAY_SAN="DNS:gateway.egommerce.local,DNS:api-gateway,DNS:gw.egommerce.local,DNS:gateway.dc.ego.io,DNS:localhost,IP:127.0.0.1"
export VAULT_CN="vault.egommerce.local,api-vault,localhost" export VAULT_CN="vault.egommerce.local,api-vault,localhost"
export VAULT_SAN="DNS:vault.egommerce.local,DNS:api-vault,DNS:localhost,IP:127.0.0.1" export VAULT_SAN="DNS:vault.egommerce.local,DNS:api-vault,DNS:localhost,IP:127.0.0.1"
export EVENTBUS_CN="esb.egommerce.local,api-eventbus,localhost" export EVENTBUS_CN="esb.egommerce.local,api-eventbus,localhost"
@ -68,8 +68,8 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-registry/api-registry.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ -in ${CERTS_DIR}api-registry/api-registry.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${REGISTRY_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${REGISTRY_SAN}")) \
-out ${CERTS_DIR}api-registry/api-registry.crt >/dev/null -out ${CERTS_DIR}api-registry/api-registry.crt >/dev/null
@ -81,12 +81,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-gateway/api-gateway.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ -in ${CERTS_DIR}api-gateway/api-gateway.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GATEWAY_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GATEWAY_SAN}")) \
-out ${CERTS_DIR}api-gateway/api-gateway.crt >/dev/null -out ${CERTS_DIR}api-gateway/api-gateway.crt >/dev/null
# Genearte Vault cert # Generate Vault cert
openssl req -newkey rsa:2048 -nodes \ openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$VAULT_CN" \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$VAULT_CN" \
-keyout ${CERTS_DIR}api-vault/api-vault.key \ -keyout ${CERTS_DIR}api-vault/api-vault.key \
@ -94,12 +94,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-vault/api-vault.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ -in ${CERTS_DIR}api-vault/api-vault.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${VAULT_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${VAULT_SAN}")) \
-out ${CERTS_DIR}api-vault/api-vault.crt >/dev/null -out ${CERTS_DIR}api-vault/api-vault.crt >/dev/null
# Genearte Eventbus cert # Generate Eventbus cert
openssl req -newkey rsa:2048 -nodes \ openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$EVENTBUS_CN" \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$EVENTBUS_CN" \
-keyout ${CERTS_DIR}api-eventbus/api-eventbus.key \ -keyout ${CERTS_DIR}api-eventbus/api-eventbus.key \
@ -107,12 +107,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-eventbus/api-eventbus.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ -in ${CERTS_DIR}api-eventbus/api-eventbus.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${EVENTBUS_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${EVENTBUS_SAN}")) \
-out ${CERTS_DIR}api-eventbus/api-eventbus.crt >/dev/null -out ${CERTS_DIR}api-eventbus/api-eventbus.crt >/dev/null
# Genearte Cache cert # Generate Cache cert
openssl req -newkey rsa:2048 -nodes \ openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$CACHE_CN" \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$CACHE_CN" \
-keyout ${CERTS_DIR}api-cache/api-cache.key \ -keyout ${CERTS_DIR}api-cache/api-cache.key \
@ -120,12 +120,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-cache/api-cache.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ -in ${CERTS_DIR}api-cache/api-cache.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CACHE_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CACHE_SAN}")) \
-out ${CERTS_DIR}api-cache/api-cache.crt >/dev/null -out ${CERTS_DIR}api-cache/api-cache.crt >/dev/null
# Genearte Logger cert # Generate Logger cert
openssl req -newkey rsa:2048 -nodes \ openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$LOGGER_CN" \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$LOGGER_CN" \
-keyout ${CERTS_DIR}api-logger/api-logger.key \ -keyout ${CERTS_DIR}api-logger/api-logger.key \
@ -133,12 +133,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-logger/api-logger.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ -in ${CERTS_DIR}api-logger/api-logger.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${LOGGER_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${LOGGER_SAN}")) \
-out ${CERTS_DIR}api-logger/api-logger.crt >/dev/null -out ${CERTS_DIR}api-logger/api-logger.crt >/dev/null
# Genearte Prometheus cert # Generate Prometheus cert
openssl req -newkey rsa:2048 -nodes \ openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PROMETHEUS_CN" \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PROMETHEUS_CN" \
-keyout ${CERTS_DIR}api-prometheus/api-prometheus.key \ -keyout ${CERTS_DIR}api-prometheus/api-prometheus.key \
@ -146,12 +146,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-prometheus/api-prometheus.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ -in ${CERTS_DIR}api-prometheus/api-prometheus.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PROMETHEUS_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PROMETHEUS_SAN}")) \
-out ${CERTS_DIR}api-prometheus/api-prometheus.crt >/dev/null -out ${CERTS_DIR}api-prometheus/api-prometheus.crt >/dev/null
# Genearte Grafana cert # Generate Grafana cert
openssl req -newkey rsa:2048 -nodes \ openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$GRAFANA_CN" \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$GRAFANA_CN" \
-keyout ${CERTS_DIR}api-grafana/api-grafana.key \ -keyout ${CERTS_DIR}api-grafana/api-grafana.key \
@ -159,12 +159,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-grafana/api-grafana.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ -in ${CERTS_DIR}api-grafana/api-grafana.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GRAFANA_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GRAFANA_SAN}")) \
-out ${CERTS_DIR}api-grafana/api-grafana.crt >/dev/null -out ${CERTS_DIR}api-grafana/api-grafana.crt >/dev/null
# Genearte Postgres cert # Generate Postgres cert
openssl req -newkey rsa:2048 -nodes \ openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$POSTGRES_CN" \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$POSTGRES_CN" \
-keyout ${CERTS_DIR}db-postgres/db-postgres.key \ -keyout ${CERTS_DIR}db-postgres/db-postgres.key \
@ -172,12 +172,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \
-in ${CERTS_DIR}db-postgres/db-postgres.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ -in ${CERTS_DIR}db-postgres/db-postgres.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${POSTGRES_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${POSTGRES_SAN}")) \
-out ${CERTS_DIR}db-postgres/db-postgres.crt >/dev/null -out ${CERTS_DIR}db-postgres/db-postgres.crt >/dev/null
# Genearte Mongo cert # Generate Mongo cert
openssl req -newkey rsa:2048 -nodes \ openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$MONGO_CN" \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$MONGO_CN" \
-keyout ${CERTS_DIR}db-mongo/db-mongo.key \ -keyout ${CERTS_DIR}db-mongo/db-mongo.key \
@ -185,12 +185,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \
-in ${CERTS_DIR}db-mongo/db-mongo.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ -in ${CERTS_DIR}db-mongo/db-mongo.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${MONGO_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${MONGO_SAN}")) \
-out ${CERTS_DIR}db-mongo/db-mongo.crt >/dev/null -out ${CERTS_DIR}db-mongo/db-mongo.crt >/dev/null
# Genearte Identity cert # Generate Identity cert
openssl req -newkey rsa:2048 -nodes \ openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$IDENTITY_CN" \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$IDENTITY_CN" \
-keyout ${CERTS_DIR}identity-svc/identity-svc.key \ -keyout ${CERTS_DIR}identity-svc/identity-svc.key \
@ -198,12 +198,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \
-in ${CERTS_DIR}identity-svc/identity-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ -in ${CERTS_DIR}identity-svc/identity-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${IDENTITY_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${IDENTITY_SAN}")) \
-out ${CERTS_DIR}identity-svc/identity-svc.crt >/dev/null -out ${CERTS_DIR}identity-svc/identity-svc.crt >/dev/null
# Genearte Basket cert # Generate Basket cert
openssl req -newkey rsa:2048 -nodes \ openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$BASKET_CN" \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$BASKET_CN" \
-keyout ${CERTS_DIR}basket-svc/basket-svc.key \ -keyout ${CERTS_DIR}basket-svc/basket-svc.key \
@ -211,12 +211,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \
-in ${CERTS_DIR}basket-svc/basket-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ -in ${CERTS_DIR}basket-svc/basket-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${BASKET_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${BASKET_SAN}")) \
-out ${CERTS_DIR}basket-svc/basket-svc.crt >/dev/null -out ${CERTS_DIR}basket-svc/basket-svc.crt >/dev/null
# Genearte Catalog cert # Generate Catalog cert
openssl req -newkey rsa:2048 -nodes \ openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$CATALOG_CN" \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$CATALOG_CN" \
-keyout ${CERTS_DIR}catalog-svc/catalog-svc.key \ -keyout ${CERTS_DIR}catalog-svc/catalog-svc.key \
@ -224,12 +224,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \
-in ${CERTS_DIR}catalog-svc/catalog-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ -in ${CERTS_DIR}catalog-svc/catalog-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CATALOG_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CATALOG_SAN}")) \
-out ${CERTS_DIR}catalog-svc/catalog-svc.crt >/dev/null -out ${CERTS_DIR}catalog-svc/catalog-svc.crt >/dev/null
# Genearte Order cert # Generate Order cert
openssl req -newkey rsa:2048 -nodes \ openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$ORDER_CN" \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$ORDER_CN" \
-keyout ${CERTS_DIR}order-svc/order-svc.key \ -keyout ${CERTS_DIR}order-svc/order-svc.key \
@ -237,12 +237,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \
-in ${CERTS_DIR}order-svc/order-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ -in ${CERTS_DIR}order-svc/order-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${ORDER_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${ORDER_SAN}")) \
-out ${CERTS_DIR}order-svc/order-svc.crt >/dev/null -out ${CERTS_DIR}order-svc/order-svc.crt >/dev/null
# Genearte Pricing cert # Generate Pricing cert
openssl req -newkey rsa:2048 -nodes \ openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PRICING_CN" \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PRICING_CN" \
-keyout ${CERTS_DIR}pricing-svc/pricing-svc.key \ -keyout ${CERTS_DIR}pricing-svc/pricing-svc.key \
@ -250,6 +250,6 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \
-in ${CERTS_DIR}pricing-svc/pricing-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ -in ${CERTS_DIR}pricing-svc/pricing-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PRICING_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PRICING_SAN}")) \
-out ${CERTS_DIR}pricing-svc/pricing-svc.crt >/dev/null -out ${CERTS_DIR}pricing-svc/pricing-svc.crt >/dev/null